[LUGOS] [Take Two!] Strange FTP problems
David Klasinc
bigwhale at lubica.net
Mon Feb 7 19:02:47 CET 2005
Banzai!
This time something really strange; first, the directory permissions:
# ls -l
drwxr-xr-x 5 nobody nobody 144 Feb 7 19:01 ftp
# cd ftp
# ls -l
drwxr-xr-x 6 nobody nobody 232 Jan 21 07:04 Upload
The UID/GID of nobody/nobody is 65534 for both.
ps -aux
nobody 9021 0.0 0.9 5372 2412 pts/1 S+ 19:42 0:00 proftpd: (accep
proftpd.conf:
ServerType standalone
DeferWelcome off
ShowSymlinks on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
AllowStoreRestart on
AllowForeignAddress on
DisplayLogin /etc/welcome.msg
DisplayFirstChdir .message
# LsDefaultOptions "-l"
DenyFilter \*.*/
Port 21
MaxInstances 10
MaxClients 20
User nobody
Group nobody
RequireValidShell off
DefaultRoot /home/ftp
<Directory /home/ftp/*>
  Umask 022 022
  AllowOverwrite off
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>
<Directory /home/ftp/Upload/*>
  Umask 022 022
  AllowOverwrite on
  <Limit WRITE STOR>
    AllowAll
  </Limit>
</Directory>
And the result:
the username bigwhale is a perfectly valid shell user on the machine
ftp> cd Upload
ftp> mkdir lk
550 lk: Permission denied
ftp> put atidrv.exe
200 PORT command successful
550 ATIDrv.exe: Permission denied
ftp>
and proftpd -n -d 9 returns this:
capybara.lubica.net (thefish.lubica.lan[10.0.0.1]) - FS: using system lstat()
capybara.lubica.net (thefish.lubica.lan[10.0.0.1]) - dispatching CMD command 'STOR ATIDrv.exe' to mod_xfer
capybara.lubica.net (thefish.lubica.lan[10.0.0.1]) - FS: using system open()
capybara.lubica.net (thefish.lubica.lan[10.0.0.1]) - unable to open 'ATIDrv.exe' for writing: Permission denied
# chmod 777 /home/ftp/Upload
ftp> put atidrv.exe
....
and the log:
capybara.lubica.net (thefish.lubica.lan[10.0.0.1]) - FS: using system open()
capybara.lubica.net (thefish.lubica.lan[10.0.0.1]) - ROOT PRIVS: ID switching disabled
As a point of interest, I should add that the configuration mentioned above
has already worked, on a Debian machine. I suspect the whole thing has
something to do with Gentoo. It looks as if proftpd dropped privileges to
something bizarre instead of to nobody/nobody.
Any suggestion will be welcome...
--
David!
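Added example, not part of the original message: a shell check of whether a given account may create files in a directory, using the mode and ownership that `ls -l` reports above. It assumes the FTP session writes as the logged-in account rather than as the daemon's `User`/`Group`, and the uid/gid 1000/100 standing in for bigwhale are constructed; `check_dir` assumes GNU `stat`.

```shell
#!/bin/sh
# A process may create files in a directory only if the permission class that
# applies to it (owner, group or other) grants both write (2) and search (1).

# can_create MODE OWNER_UID OWNER_GID REQ_UID REQ_GID [MORE_GIDS...]
# MODE is octal (e.g. 755); all ids are numeric. Returns 0 if creation is allowed.
can_create() {
    cc_perm=$((0$1)) cc_ouid=$2 cc_ogid=$3 cc_ruid=$4
    shift 4
    # uid 0 bypasses these discretionary checks
    [ "$cc_ruid" -eq 0 ] && return 0
    if [ "$cc_ruid" -eq "$cc_ouid" ]; then
        cc_bits=$(( (cc_perm >> 6) & 7 ))          # owner class, used exclusively
    else
        cc_bits=$(( cc_perm & 7 ))                 # other class, unless a gid matches
        for cc_g in "$@"; do
            if [ "$cc_g" -eq "$cc_ogid" ]; then
                cc_bits=$(( (cc_perm >> 3) & 7 ))  # group class
                break
            fi
        done
    fi
    [ $(( cc_bits & 3 )) -eq 3 ]
}

# check_dir DIR ACCOUNT: the same check against a real directory and account.
check_dir() {
    cd_stat=$(stat -c '%a %u %g' "$1") || return 2
    cd_uid=$(id -u "$2") || return 2
    # unquoted on purpose: split "mode uid gid" and the gid list into arguments
    can_create $cd_stat "$cd_uid" $(id -G "$2")
}

# Constructed cases: 65534 is nobody (from the message); 1000/100 are placeholders.
for spec in "755 65534 65534" "755 1000 100" "777 1000 100"; do
    set -- $spec
    if can_create "$1" 65534 65534 "$2" "$3"; then r=allowed; else r=denied; fi
    echo "mode $1 owned by 65534:65534, request from uid $2: $r"
done
```

On the server itself, `check_dir /home/ftp/Upload bigwhale` applies the same test to the real directory and account.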